ArmaLocky Ransomware

By GoldSparrow in Ransomware

The ArmaLocky Ransomware is an encryption ransomware Trojan that is used to extort computer users. The ArmaLocky Ransomware is a variant of Locky, a well-known encryption ransomware Trojan that has claimed numerous victims. The ArmaLocky Ransomware is easy to spot because it encrypts the victim's files and marks them with the file extension '.armadilo1,' added to the end of each file's name. The ArmaLocky Ransomware may be delivered to victims through spam email attachments and corrupted links. Usually, the spam email messages used to deliver the ArmaLocky Ransomware are disguised as legitimate messages from a shipping company, a social media platform or another legitimate source. The message uses a misleading social engineering tactic to trick the computer user into opening the attached file, such as claiming that the attached file is a shipping invoice or a family photo. When the victim opens the file attachment, the ArmaLocky Ransomware is downloaded and installed on the victim's computer. Because of this, learning to spot and avoid these social engineering tactics is fundamental to preventing ArmaLocky Ransomware infections and similar attacks.

The Encryption used by the ArmaLocky Ransomware is Very Effective

The ArmaLocky Ransomware works by restricting the victims' access to their files. The ArmaLocky Ransomware then demands the payment of a ransom to restore that access. This is a typical approach used by most encryption ransomware Trojans. The ArmaLocky Ransomware and other ransomware Trojans favor Bitcoin for payments since it affords some anonymity. The ArmaLocky Ransomware is designed to infect computers running any version of the Windows operating system. In its attack, the ArmaLocky Ransomware uses a combination of the RSA and AES 256 encryption algorithms, making it nearly impossible to decrypt the files encrypted by the attack. After encrypting the victim's files, the ArmaLocky Ransomware drops three files on the infected computer's desktop. These files, named 'Armadilo1.html,' 'Armadilo1.bmp,' and 'Armadilo1_[4_digit_number].html,' contain a ransom note and instructions demanding the payment of 0.15 Bitcoin (approximately 650 USD at the current exchange rate).
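The file extension and ransom note names described above can be used as host indicators during triage. The following Python sketch is an added example, not code from the original article or from any security vendor. It walks a directory tree and reports files matching those names; the function names, the verdict labels and the sample file names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article text: the appended extension and the three note names.
ENCRYPTED_EXT = ".armadilo1"
NOTE_RE = re.compile(r"^armadilo1(_\d{4})?\.html$|^armadilo1\.bmp$", re.IGNORECASE)


def scan_tree(root):
    """Walk root and return (encrypted_files, ransom_notes) as sorted path lists."""
    encrypted, notes = [], []
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if NOTE_RE.match(name):
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
    return sorted(encrypted), sorted(notes)


def assess(root):
    """Summarise findings; a note together with marked files is the strongest signal."""
    encrypted, notes = scan_tree(root)
    if notes and encrypted:
        verdict = "likely-infected"
    elif notes or encrypted:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "encrypted": encrypted, "notes": notes}


def build_sample_tree(root):
    """Constructed sample data: empty files whose names match the article's indicators."""
    for rel in ("Desktop/Armadilo1.html", "Desktop/Armadilo1.bmp",
                "Desktop/Armadilo1_4821.html", "Documents/report.docx.armadilo1",
                "Documents/PHOTO.JPG.ARMADILO1", "Documents/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = assess(tmp)
        print(result["verdict"], len(result["encrypted"]), len(result["notes"]))
```

Matching is by file name only, so a hit should be confirmed by inspecting the files before acting on it.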

The full text of the ArmaLocky Ransomware ransom note states:

'IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)
hxxps://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
[edited]
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxps://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: [edited]
4. Follow the instructions on the site.
!!! Your personal identification ID: [edited]'

Computer users are advised to refrain from following the instructions in the ArmaLocky Ransomware ransom note.

What to Do in the Event of an ArmaLocky Ransomware Infection

PC security researchers advise against paying the ransom if the ArmaLocky Ransomware has infected your computer. The people responsible for the ArmaLocky Ransomware attack may not follow through on their promise to restore the files once the ransom is paid, and they are equally likely to ignore the victim. However, since it is currently not possible to recover files encrypted by the ArmaLocky Ransomware, take preventive steps to protect your data from the ArmaLocky Ransomware and similar threats. The best protection against threats like the ArmaLocky Ransomware is to have file backups. If you have backups of your data, then the people responsible for the ArmaLocky Ransomware can no longer demand a ransom payment from you. PC security analysts advise computer users to use a reliable security program that is fully up to date to protect their data and computer from the ArmaLocky Ransomware and other threats active today.